Skip to main content

fluffbuzz approvals

Manage exec approvals for the local host, gateway host, or a node host. By default, commands target the local approvals file on disk. Use --gateway to target the gateway, or --node to target a specific node. Related:

Common commands

fluffbuzz approvals get
fluffbuzz approvals get --node <id|name|ip>
fluffbuzz approvals get --gateway

Replace approvals from a file

fluffbuzz approvals set --file ./exec-approvals.json
fluffbuzz approvals set --node <id|name|ip> --file ./exec-approvals.json
fluffbuzz approvals set --gateway --file ./exec-approvals.json

Allowlist helpers

fluffbuzz approvals allowlist add "~/Projects/**/bin/rg"
fluffbuzz approvals allowlist add --agent main --node <id|name|ip> "/usr/bin/uptime"
fluffbuzz approvals allowlist add --agent "*" "/usr/bin/uname"

fluffbuzz approvals allowlist remove "~/Projects/**/bin/rg"

Notes

  • --node uses the same resolver as fluffbuzz nodes (id, name, ip, or id prefix).
  • --agent defaults to "*", which applies to all agents.
  • The node host must advertise system.execApprovals.get/set (macOS app or headless node host).
  • Approvals files are stored per host at ~/.fluffbuzz/exec-approvals.json.